CVE-2026-32988
Published: 31 March 2026
Summary
CVE-2026-32988 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in OpenClaw. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Escape to Host (T1611). The CVE ranks at the 3.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SC-50 (Software-enforced Separation and Policy Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
Implements a reference monitor with complete mediation, tamper resistance, and isolation to enforce sandbox file access policies, directly preventing race-condition bypasses of path validations.
Enforces software-based separation and policy mechanisms to maintain sandbox boundaries, mitigating unauthorized writes outside verified parent directories via path alias races.
Enforces access control policies for file system operations, addressing unauthorized writes but requiring robust implementation to fully counter the temporary file race condition.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Sandbox boundary bypass via TOCTOU race condition on staged file writes directly enables escape from the restricted environment to the host filesystem.
NVD Description
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path alias changes to write attacker-controlled bytes outside the intended validated path before the final guarded replace step executes.
Deeper analysis (AI)
CVE-2026-32988 is a sandbox boundary bypass vulnerability in OpenClaw versions before 2026.3.11, specifically within the fs-bridge staged writes functionality. The flaw arises because temporary file creation and population are not pinned to a verified parent directory, enabling a race condition in parent-path alias changes. This allows attackers to write attacker-controlled bytes outside the intended validated path before the final guarded replace step executes. The vulnerability is classified under CWE-367 and carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H).
A local attacker with low privileges can exploit this issue through a high-complexity race condition, requiring no user interaction. Successful exploitation changes the scope and enables high-impact integrity and availability disruptions by bypassing sandbox boundaries and performing unauthorized writes outside validated paths.
Advisories detailing mitigation are available at the OpenClaw GitHub security page (https://github.com/openclaw/openclaw/security/advisories/GHSA-mj4p-rc52-m843) and VulnCheck (https://www.vulncheck.com/advisories/openclaw-sandbox-boundary-bypass-via-unvalidated-temporary-file-creation). OpenClaw 2026.3.11 addresses the issue.
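The general defence against this class of staged-write race is to verify the parent once, hold it as a directory file descriptor, and do temporary-file creation, population and the final replace relative to that descriptor. The sketch below is an added example, not OpenClaw's code or its actual fix; `staged_write` and `race_hook` are hypothetical names, and it assumes a POSIX system where Python supports `dir_fd`.

```python
import os
import secrets

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW


def staged_write(root, rel_parent, name, data, race_hook=None):
    """Write root/rel_parent/name; temp creation and replace stay pinned to one dir fd."""
    if "/" in name or name in ("", ".", ".."):
        raise PermissionError("invalid file name")
    dfd = os.open(os.path.realpath(root), DIR_FLAGS)
    try:
        # Verify the parent one component at a time; a symlink fails the open.
        for part in filter(None, rel_parent.split("/")):
            if part in (".", ".."):
                raise PermissionError("traversal component in parent path")
            nxt = os.open(part, DIR_FLAGS, dir_fd=dfd)
            os.close(dfd)
            dfd = nxt
        if race_hook:  # hypothetical hook: lets a test change the path alias here
            race_hook()
        # Temp file is created relative to the verified fd, never by path string.
        tmp = f".{name}.{secrets.token_hex(8)}.tmp"
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                     0o600, dir_fd=dfd)
        try:
            with os.fdopen(fd, "wb") as f:
                f.write(data)
            # Guarded replace: both names resolve against the same verified fd.
            os.replace(tmp, name, src_dir_fd=dfd, dst_dir_fd=dfd)
        except BaseException:
            os.unlink(tmp, dir_fd=dfd)
            raise
    finally:
        os.close(dfd)


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()  # constructed sandbox root for the demo
    os.mkdir(os.path.join(root, "work"))
    staged_write(root, "work", "out.txt", b"hello")
    print(os.listdir(os.path.join(root, "work")))
```

Because the descriptor names the directory object rather than its path, a rename or symlink swap of the parent after verification cannot redirect the write.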
Details
- CWE(s)